Google announced via blog post Thursday that it will soon automatically enroll users in two-factor authentication (2FA). So long as their Google accounts are appropriately configured, users will be prompted to confirm log-in attempts through their mobile phones. The announcement came on World Password Day (which apparently is a real thing that Google did not make up for the sake of this announcement).
There are two significant implications of the decision:
First, for those who are more risk-tolerant when it comes to cybersecurity, the addition of 2FA will come as an unwelcome inconvenience. For instance, if you're trying to sign in on a laptop and your phone happens to be charging in the other room, mandatory 2FA might feel frustrating. Google would likely argue that this is a small price to pay for a much more robust security protocol, but some users won't see it as such.
Second, Google's embrace of 2FA could help it gain a larger share of the single-sign-on market, particularly for applications that are more sensitive to perceived security threats. Google hinted at this ambition later in the blog post, where it detailed its efforts to build out the functionality of Password Manager. The product allows users to automatically populate passwords for third-party sites using their Google account. Even though Google already gave users the option to implement 2FA, the automatic enrollment policy could give large enterprise clients the confidence to use Google over third-party SSO providers such as Okta and Duo.